Date:      Sat, 10 Jan 2009 19:00:17 +0000 (UTC)
From:      Antoine Brodin <antoine@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r187031 - in stable/7/etc: . periodic/security
Message-ID:  <200901101900.n0AJ0Hv1006281@svn.freebsd.org>

Author: antoine
Date: Sat Jan 10 19:00:17 2009
New Revision: 187031
URL: http://svn.freebsd.org/changeset/base/187031

Log:
  MFC r181531 to stable/7:
    Improve periodic/security/550.ipfwlimit a bit:
    - don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
    - handle rules without logging limit correctly [1]
    (those rules show up without logamount in "ipfw -a list")
  
    PR:		conf/126060 [1]
    MFC after:	1 month

Modified:
  stable/7/etc/   (props changed)
  stable/7/etc/periodic/security/550.ipfwlimit

Modified: stable/7/etc/periodic/security/550.ipfwlimit
==============================================================================
--- stable/7/etc/periodic/security/550.ipfwlimit	Sat Jan 10 18:19:22 2009	(r187030)
+++ stable/7/etc/periodic/security/550.ipfwlimit	Sat Jan 10 19:00:17 2009	(r187031)
@@ -42,19 +42,16 @@ rc=0
 
 case "$daily_status_security_ipfwlimit_enable" in
     [Yy][Ee][Ss])
-	IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null`
-	if [ $? -ne 0 ]; then
+	IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
+	if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
 		exit 0
 	fi
 	TMP=`mktemp -t security`
 	ipfw -a list | grep " log " | \
 	grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
-	awk -v limit="$IPFW_LOG_LIMIT" \
+	awk \
 		'{if ($6 == "logamount") {
 			if ($2 > $7)
-				{print $0}
-		} else {
-			if ($2 > limit)
 				{print $0}}
 		}' > ${TMP}
 
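Review bot: the awk test `$6 == "logamount"` depends on a fixed field position, and with the else branch removed, any logged rule whose `logamount` keyword is not the sixth field is now skipped without a report, even though the preceding `grep " log "` matches the keyword anywhere on the line. Consider looping over the fields to locate `logamount` and comparing `$2` against the field that follows it. A short comment above the awk program would also help, stating that rules listed without `logamount` have no logging limit and are skipped on purpose, since the removal of the `verbose_limit` lookup is otherwise only explained in the commit log. The remaining `{print $0}}` followed by a lone `}` leaves the brace nesting hard to follow; putting each closing brace on its own line would make the single remaining branch easier to read.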


